Feature: News

Baker College wins National Collegiate Cyber Defense Competition

Baker College of Flint, Mich., defeated defending champion Texas A&M University and four other regional winners from across the country to capture the third annual National Collegiate Cyber Defense Competition, which concluded in San Antonio, Texas, over the weekend. Texas A&M finished a close second, and the University of Louisville took third. Also competing for the championship were the Community College of Baltimore County, Mount San Antonio College of Los Angeles County, and the Rochester Institute of Technology.

Teams are scored on how well they protect their identical networks, each made up of a Cisco router and five servers: Windows 2003 running Internet Information Services, Windows 2000 running DNS, Solaris X86 running Apache and OpenSSL, Gentoo running MySQL and NFS, and BSD running Sendmail. Team workstations can run Vista, Windows, Fedora, or BSD, as the team prefers. Teams are required to provide SMTP, POP3, HTTP, HTTPS, and DNS services throughout the competition, and outages on any of those services result in deductions from their score. At specified times, the teams are also asked to bring up FTP, SSH, RDP, and VNC services, in accordance with the 2008 competition rules.

In addition to the attackers (the Red Team) and the defenders (the Blue Teams), there is also a White Team. The White Team acts as the overall network operations center, as observers, and as the communications center. All requests for information, assistance, and problem reporting by the competing teams go through the White Team; teams are not allowed direct communication with the outside world except for publicly available information and software available on the Internet. The White Team also delivers in-competition requests for new services and scores the teams' performance.

The entire event took place at the San Antonio Airport Hilton hotel, and each team (Red, White, and each competing Blue team) had its own private, closely guarded room. A White Team observer was present in each competing team's room for the entire competition.

Team Hilarious

Red Team captain Dave Cowen has a jovial face and a pirate's beard. When his laughter could be heard in the hall outside the Red Team room, collegians winced, because they knew that another server had just fallen prey to the Red Team's relentless attacks.

The other Red Team members (first names only), Luke, Ryan, Evan, Jacob, and Leon, are all professionals in the security industry. On Friday, the first day of the competition, the adrenaline of the hunt, the chase, the pursuit of hapless quarry was in the air as team members sat around the conference table, staring into the screens of their laptops, some using two laptops at once, and sharing information as they gleefully began probing the target networks for weaknesses and mapping IP addresses to specific configurations.

One of the first remarks heard after the competition began was, "Interesting, the Solaris exploit from last year still works." That was followed shortly by Dave Cowen announcing "OK, professionals, we need a local Solaris 5.10 exploit for privilege escalation."

In addition to a few members of the press, the Red Team room was also visited by various federal agents. A contingent from the Secret Service was present all weekend. Three black-suited gentlemen claiming to be from the FBI were present Friday. Defense Information Systems Agency agents were present as part of the competition infrastructure, and among their other duties, helped escort journalists from room to room during the event.

The mood in the Baltimore County Community College Blue Team room Friday afternoon was in stark contrast with the lightness and laughter heard in the Team Hilarious room. All seven team members were focused on the job at hand, which was to begin securing the network they found running at the start of the competition. Voices were muted, there was no idle chatter, and everyone was busy at whatever task they had been assigned.

Teams are allowed to modify the configurations as they see fit during the event, so long as they follow the rules and provide the required services. The configuration itself seems to have been a weak spot for defending the networks, and at the end of the competition on Sunday, Cowen said that you reach a point where the configuration is more important than the supply of exploits available to attackers. He made that remark not long after hacking a team's Web server so that it displayed their credit card database as its homepage during the last half hour of the competition.

A two-hour awards luncheon took place shortly after the end of competition Sunday morning. There were speeches by US Representative Ciro Rodriguez and Cornelius Tate, the brand-new Director of the DHS Cyber Security Division, prior to announcing the winners. This year's competition was the closest ever, with three teams in a virtual tie after the second day, and Baker edging defending champion Texas A&M by the slimmest of margins at the end. Whether they took home the gold or not, all the teams were made up of bright, skillful students, and given the presence of two community college teams in the final six, it's obvious that the size of the school is not as important as the skill of its students in the world of cyber defense.

Baltimore County Community College, the only team with a female competitor, and Mount San Antonio Community College in Los Angeles, proved that network security skills are not the exclusive domain of larger, better-known institutions. Their presence at this national competition is roughly the equivalent of a community college basketball team making it to the NCAA's Final Four, and both schools and students deserve kudos for going head to head against teams from much larger schools, especially since those schools may include two graduate students on their team.

Dr. Gregory White, director of the UTSA CIAS and one of the founders of the original competition when it was held on a regional basis rather than nationally, explained there is a large network and computer security population in San Antonio, primarily because the Air Intelligence Agency is located there. UTSA was a logical place to become an academic center for computer and network security. That led to it becoming the first Texas university to be designated as a "Center for Academic Excellence in Information Assurance Education" by both the DHS and the National Security Agency, and it currently offers bachelor's and master's-level degrees in information security from several of its schools.

Sponsors for this year's event included the AT&T Foundation, DHS, Cisco Systems, Acronis, Northrop Grumman, Accenture, the Information Systems Security Association, Core Security, G-C Partners, our sister site ThinkGeek, Code Magazine, and Pepsi. White said that more sponsors are needed for future competitions in order to do all the things CIAS wants to accomplish.

Baker College wins National Collegiate Cyber Defense Competition

Posted by: Anonymous
[ip: 67.107.53.166]
on April 21, 2008 10:01 PM

In past years, only the teams were told what place they finished. It was not released to the press. Baker did an excellent job at the lower two levels when they competed, so I am not surprised by the results.

Baker College wins National Collegiate Cyber Defense Competition

Posted by: Anonymous
[ip: 129.115.29.204]
on April 21, 2008 10:38 PM

The last few teams are never announced to keep spirits high. The teams were all very close to one another in terms of scoring. I'm saying this from a Team Hilarious standpoint btw. There were some teams though that did have a tendency to get more visits from the team though. In all a great competition and learning experience for everyone.

Re: Baker College wins National Collegiate Cyber Defense Competition

Posted by: Anonymous
[ip: 68.185.92.2]
on April 22, 2008 02:25 AM

That's how it is sometimes, you come into a new NOC and it looks like a bunch of people with "<Insert Computing product here> for dummies" set it all up and strung it together with tin cans and string and you've gotta maintain it while botnet herders and every 14 year old with a sploit is trying to get into your box.

Though if they couldsome sort of span port and eating data passively to a write once FS attached box.

Baker College wins National Collegiate Cyber Defense Competition

Posted by: Anonymous
[ip: 129.115.29.204]
on April 21, 2008 11:48 PM

The part that most people forget about this competition is that it isn't about the basic rules of box -> firewall -> inet with everything patched and only certain ports open. This competition brings in the business element with a ton of injects that can have the team do anything from creating logins for marketing teams (o wait, was that a red team inject that got mixed in? ;) ) to setting up webmail or writing a status report. The competition is made to overwhelm the teams as much as possible with unexpected things. Just like they would in the real world. Once again I was one of the red team members.

BSD?

Re: BSD?

It was Awesome, from all perspectives :)

Posted by: Anonymous
[ip: 75.9.215.195]
on April 23, 2008 05:24 AM

Every team did an awesome job, and I am speaking from an observation point of view, I saw every aspect of the competition. Team Hilarious... Gotta give you props... the competition was awesome. Red team injects were especially hilarious. Anyway, good job everyone, anyone who has competed knows just how difficult the competition is and how much time it takes to prepare. The competitors definitely had skillz! Props to all teams, I think that covers it.